United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
I nilid Stall-, l'atint and Trademark Office 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



10/758,434 



FILING DATE 



01/14/2004 



22434 7590 12/11/2008 

Weaver Austin Villeneuve & Sampson LLP 
P.O. BOX 70250 
OAKLAND, CA 94612-0250 



FIRST NAMED INVENTOR 



Feisal Y. Daruwalla 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



CISCP134C1/8803 



s \Mn.L. DEWANDAA 



PAPER NUMBER 



DELIVERY MODE 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



l/ffflrC? nVrliUli Otfff Iff ids y 


Application No. 

10/758,434 


Applicant(s) 

DARUWALLA ET AL. 


Examiner 

DEWANDA SAMUEL 


Art Unit 

2416 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 12 August 2008 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

Claim(s) is/are allowed. 

6) ^ Claim(s) 1-11 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 14 January 2004 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) ^| Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20081 124 



Application/Control Number: 10/758,434 Page 2 

Art Unit: 2416 

DETAILED ACTION 

1 . This communication is responsive to the communication filed on 08/1 2/2008. 

2. Claims 1-1 1 are pending. 

Response to Arguments 

3. Applicant's arguments with respect to claims 1-1 1 have been considered but are 
moot in view of the new ground(s) of rejection. 

4. The indicated allowability of claim3 and 4 is withdrawn in view of the newly 
discovered reference(s) to Fijolek et al. (US Patent 6,986,157) and Casey (US Patent 
6,493,349). Rejections based on the newly cited reference(s) follow. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1 and 2 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fijolek etal. (US Patent 6,510,162) in view of view of Casey (US Patent 
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With regard to claim 1 and 3 , Fijolek et al. discloses having an apparatus for 
routing packets from a first network node to a second network node in a data network, 
(Fijolek et al. discloses having a cable modem termination system 12 in fig .1 in a 
cable network that is routing data from a from a cable modem interpreted as first 
network node" back to a cable modem ("second network node ", fig. 5); 
comprising: means for assigning and the sending first node identifier (ID) to the first 
node, wherein the first node ID unique identifies the first node; Fijolek et al. discloses 
having a cable modem termination system 12 in fig. 1 that assigns service 
identifiers (SIDs) interpreted as a unique "ID" to CM (cable modems) interpreted 
as a "first node" , see column 15 line 17-18). Fijolek et al. further discloses within 
MAC 44 SIDs are unique and the CMTS 12 may assign one or more SIDs to each 
CM 16, see col. 15 lines 14-20); means for receiving a packet from the first node, said 
packet from the unique first node, said packet including the unique first node ID, and 
including routing information for routing said packet to a destination address associated 
with said second node,( Fijolek et al. discloses having a packet format for a 
incoming packet being received form a CM (cable modem),see column 15 table 9 
and 10 line 25-67); means for examining the packet to identify the unique first node ID 
of the first node;( Fijolek et al. discloses the cable modem termination system 12 
(CMTS) have the means of examining incoming packets with service identifiers 
(SID), see column 15 lines 10-67). Fijolek et al. further discloses within MAC 44 
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SIDs are unique and the CMTS 12 may assign one or more SIDs to each CM 16, 
see col. 15 lines 14-20); and means for using said unique first node ID, routing 
information (Fijolek et al. discloses having a unique service identifier (SID) 
corresponding to a cable modem (CM) and the SID and routing information 
transmitted in a packet. Fijolek et al. further discloses within MAC 44 SIDs are 
unique and the CMTS 12 may assign one or more SIDs to each CM 16, see col. 15 
lines 14-20). 

However, the combination Fijolek et al. '162 does not discloses first node is 
associated with at least one VPN; mapping between the first node ID and the least one 
VPN, (Casey discloses having extended Internet protocol virtual private network 
architectures ( titles) and also assigning a VPN (ID) to a first router ( "first node") 
linking ("mapping") VPN. ..VPN assigned and linked second router ("entity other 
than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) as taught by Fijolek et al. along with a VPN ID assigned, sent, linked to first 
router and second router as taught Casey to provide a more scalable VPN 
infrastructure. 
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With regard to claim 2, in combination Fijolek et al. ,and Casey teaches the 
apparatus recited in claim 1 .Further comprising means for routing the packet to the 
second node, ( Fijolek et al. discloses in fig. 1 that the cable modem termination 
system 12 (CMTS) has the means to transmit a packet to a second CM (cable 
modem)interpreted as a "second node"). 

7. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Fijolek et al. (US Patent 6,986,157) in view of Casey (US Patent 6,493,349). 

With regard to claim 3, an apparatus for associating nodes in a data network 
with at least one virtual private network (VPN), the data network including an access 
network having at least one Head End device and a plurality of nodes the access 
network further including at least one shared access channel utilized by a first and a 
second node of the plurality of nodes to communicate with the Head End device, said 
apparatus comprising: means for assigning and then sending a first node ID to the first 
node(,( see fig. 1, Fijolek et al. discloses having a headend and a cable modem 
and a CPE interpreted as "pluritty of nodes". Fijolek et al discloses having a 
CMTS 12 assigning MAC 44 service identifier (SID) interpreted as "first node ID", 
see col. 36 lines 49-62); means for receiving a-data from the first node in the access 
network, ( see fig.1 ) ; means for identifying, within the received data, the address and 
first node ID of the first node; and means for using said identified address, ( Fijolek et 
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al. discloses CM 16 has assigned IP address being identified, see col. 22 lines 10. 
Fijolek et al. further discloses MAC address 44 as a client address, see col. 18 
lines 15-19). 

However, Fijolek et al. does not disclose having the means for mapping the 
assigned first node ID with at least one VPN, wherein the first node ID is assigned, sent, 
and mapped by an entity other than the first node; means for receiving an address for 
the first node that is associated with at least one VPN; and the mapping between the 
first node ID and the at least one VPN to determine whether said first node is 
associated with at least one VPN, ( Casey discloses having extended Internet 
protocol virtual private network architectures, see title and also assigning a VPN 
(ID) to a first router interpreted as a "first node" linking interpreted as "mapping" 
a VPN and a VPN assigned and linked second router interpreted as "entity other 
than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to incorporate linking a VPN identifier to a first router as 
taught by Casey into the modified system of Fijolek et al. combined with Rosen to 
provide a more scalable VPN infrastructure. 
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8. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Fijolek et 
al. (US Patent 6,986,157) and Casey (US Patent 6,493,349) as applied to claim 3 
above, and further in view of Rosen et al. ("BGP/MPLS VPNs' 1999). 

With regard to claim 4, in combination Fijolek et al. and Casey teaches the 
apparatus in claim 3. further comprising means for mapping said first node to a 
particular sub-interface on the access network, ,( Rosen et al. discloses having a 
method in which a service provider with a IP backbone may provide VPNs (Virtual 
Private Networks) for its customers with MPLS (Multiprotocol Label Switching) is 
used for forwarding packets over the backbone (Abstract). Rosen et al. discloses 
that one could divide the interface into multiple "sub-interfaces"... and assign the 
packets to a VPN based on the on the sub-interface over which it arrives (page 7 
paragraph 3.1 line 11-17). 1 1 is inferred that this mechanism can be implemented 
in the node of the data-over-cable-system and that the head end also can limited 
to a particular VPN. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. assign the packets to a VPN based on 
the on the sub-interface over which it arrives as taught by Rosen et al. to provide a 
mechanism that will restrict packets access into VPNs that are not assigned to the 
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packet. 



9. Claims 4-6 are rejected under 35 U.S.C. 103(a) as being unpatentable 

Over Fijolek et al. (US Patent 6,577,642) in view of f Rosen et al. ("BGP/MPLS VPNs' 0 
1999) and Casey (US Patent 6,493,349). 

With regard to claim 5, Fijolek et al. discloses an apparatus for associating 
nodes in a data network with at least one virtual private network (VPN), the data 
network including an access network having at least one Head End device and a 
plurality Of nodes, the access network further including at least one shared access 
channel utilized by a first and a second node of the plurality of nodes to communicate 
with the Head End device, (Fijolek et al. discloses having a cable modem 
termination system 12 in fig 1 located in a head end of cable system 26 ( fig. 1). It 
is conventional that a cable modem termination system can operate as point-to- 
point or point-to- multipoint and that the cable modem are bi-directionally 
communicating with the head end. Fijolek et al. discloses having a virtual 
networking administration in a data-over- cable-system 10 using a network 
address and the first virtual networking tag stored in a virtual networking table 
associated with the second network device to provide selected first network 
devices a desired networking service on a virtual network via the data- over- 
cable-system (column 28 line 34-43); assigning and then sending an unique identifier 



Application/Control Number: 10/758,434 Page 9 

Art Unit: 2416 

(ID ) to the first node and binding the unique ID of said first node wherein the unique ID 
is assigned, sent and then bound by an entity other than the first node, wherein the ID 
unique identifies the first node. Fijoleket al. discloses having a cable modem 
termination system 12 in fig. 1 that assigns service identifiers (SIDs) to CM (cable 
modems, column 15 line 17-18). Fijolek et al. further discloses having method 
and system for virtual network administration with data-over cable system ( tile). 
In addition, Fijolek et al. discloses first networking devices includes a virtual 
network tag (" mapping at least on VPN") and a network address( "first node ID", 
column 28 line 22-43). 



Fijolek et al. does not discloses said apparatus comprising: means for determining 
whether said first node is a member of at least one VPN, ( Rosen et al. discloses 
having a method in which a service provider with an IP backbone may provide 
VPNs (Virtual Private Networks) for its customers with MPLS (Multiprotocol Label 
Switching) is used for forwarding packets over the backbone (Abstract). It is 
inferred that this mechanism can be implemented in the head end of a cable 
system 26. Rosen et al. further discloses assigning packets to a particular site ( 
page 7 line 12-1 3). ..also a packet's destination address, is matched against a 
VPN-lpv4 route ("page 8 line 49-51). It is inferred that the packets contains the 
information of the device or node from which it came from). 
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Therefore it would have been obvious to one having ordinary skill in the art at the time 
of the invention was made to have a virtual networking administration in a data- over- 
cable-system as taught by Fijolek et al. matching a destination address against a VPN- 
Ipv4 route as taught by Rosen to provide a mechanism that will transmit packets to a 
specific VPN. 

However, the combination of Fijolek et al. and Rosen does not discloses mapping 
between the first node ID and the least one VPN,( Casey discloses having extended 
Internet protocol virtual private network architectures, see title and also 
assigning a VPN (ID) to a first router interpreted as a "first node" linking 
interpreted as "mapping" a VPN and a VPN assigned and linked second router 
interpreted as "entity other than first node", column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to incorporate linking a VPN identifier to a first router as 
taught by Casey into the modified system of Fijolek et al. combined with Rosen to 
provide a more scalable VPN infrastructure. 

With regard to claim 6, in combination Fijoleck et al. and Casey teaches the 
apparatus recited in claim 5. However, Fijoleck et al. does not disclose means for 
mapping a particular sub-interface of the Head End to said particular VPN,( Rosen et 
al. discloses having a method in which a service provider with a IP backbone may 
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provide VPNs (Virtual Private Networks) for its customers with MPLS 
(Multiprotocol Label Switching) is used for forwarding packets over the backbone 
(Abstract). Rosen et al. discloses that one could divide the interface into multiple 
"sub-interfaces"... and assign the packets to a VPN based on the on the sub- 
interface over which it arrives (page 7 paragraph 3.1 line 11-17). 1 1 is inferred that 
this mechanism can be implemented in the head end of the data-over-cable- 
system and that the head end also can limited to a particular VPN. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. assign the packets to a VPN based on 
the on the sub-interface over which it arrives as taught by Rosen et al. to provide a 
mechanism that will restrict packets access into VPNs that are not assigned to the 
packet. 

10. Claims 7-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Fijolek et al. (US Patent 6,577,642) and Rosen et al. ("BGP/MPLS VPNs" 1999) and 
Casey (US Patent 6,493,349) as applied to claim 5 above, and further in view of 
Gilbrech (US Patent 6,173,399 ). 

With regard to claim 7, in combination Fijolek et al. and Casey teaches the 
apparatus recited in claim 5. further comprising: means for receiving at said Head End 
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device a packet from said first node, said packet including a destination address 
corresponding to a second node in the network, Fijolek et al. discloses having a head 
end of a cable system 26 in fig. I which has the means to send and receive packets 
from cable modems.., such configurations may be "one-to-one", "one-to-many" 
or "many-to- many" (column 7 line 20-38). Fijolek et al. further discloses having 
means for examining said packet to identify the ID of said first node; Fijolek et al. 
discloses the cable modem termination system 12 (CMTS) have the means of 
examining incoming packets with service identifiers (SID, column 15 Nne10-67); 
and means for using said ID at said Head End device to determine whether said first 
node is a member of at least one VPN, ( Fijoleck et al. discloses having a cable 
modem termination system 12a-c... also Fijoleck et al discloses a cable television 
network headend is a central location ( column 4 line 33-34). 

However, Fijoleck et al. does not disclose first node is a member of at least one 
VPN. Gilbrech discloses having a VPN unit processing packet by examining the 
source and destination address of the packet. Gibrech fulther discloses the VPN 
unit moderates data communication between members of a defined VPN group 
(column 2 line 45-48) and the VPN unit maintains a lookup table identifying 
members of a specific virtual private network groups. It is inferred that the VPN 
unit keeps record of an identifier of member in a table and each identifier is link to 
a virtual private network groups. 
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With regard to claim 8, in combination Fijoleck et al., Casey, Rosen et al. and 
Gilrech teaches the apparatus recited in claim 7. However, Fijoleck et al. does not 
discloses that the first node is a member of a first VPN, determining at said Head End 
device whether the destination address of said packet is within said first VPN,( Rosen 
et al. discloses having a method in which a service provider with an IP backbone 
may provide VPNs (Virtual Private Networks) for its customers with MPLS 
(Multiprotocol Label Switching) is used for forwarding packets over the backbone 
(Abstract). It is inferred that this mechanism can be implemented in the head end 
of a cable system 26. Rosen et al. further discloses when a packets destination 
address interpreted as "destination address" is matched against a VPN-IPv4 
route interpreted as" first VPN" , see page 8 line 49-51). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system 10 as taught by Fijolek et al. matching packets destination address 
against a VPN-IPv4 route (VPN) as taught by Rosen et al. to provide a mechanism that 
will restrict packets from entering in VPNs that they are not associated with. 

With regard to claim 9, in combination Fijoleck et al., Casey, Rosen et al. and 
Gilrech teaches the apparatus recited in claim 7.further comprising means for routing 
the packet to the second node, (Fijoleck et at. discloses having a having a head end 
of a cable system 26 with a cable modem termination system 12 in fig. 1 routing 
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packets to a cable modem and the system configurations may be "one-to-one", 
"one-to-many" or "many-to- many" interpreted as "routing to a second node" , 
see column 7 line 20-38 and fig. 1 ). It is inferred that the head end have the 
capability to route packets to other cable modems in the network. 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a to a cable modem termination system 12 
(CMTS) assigning a unique identifier SID within a packet as taught by Fijolek et al. 
being examined a VPN unit that associates identifying members with a virtual private 
network groups as taught by Gilbrech to provide a more secure cable network. 

11. Claims 10 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Fijoleck et al. (US Patent 6,577,642) in view of Casey (US Patent 6,493,349) . 

With regard to claim 10, Fijoleck et al. discloses having a apparatus for 
configuring a Head End of an access network to route packets from a first node to a 
second node in the access network, Fijolek et al. discloses having a cable modem 
termination system 12 in fig 1 located in a head end of cable system 26 ( fig. 1 ). 
the apparatus comprising: means for associating particular network nodes on 
the, access network with a first virtual private network (VPN) ; Fijoleck et al. 
further discloses having a virtual networking administration in a data-over-cable- 
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system 10 (column 28 line 18-19); the means for assigning and then sending to the 
first node an unique identifier (ID), wherein the unique ID is assigned and sent to the 
first node by an entity other than the first node, wherein the unique ID uniquely identifies 
the first node; Fijolek et al. discloses having a cable modem termination system 12 
in fig. 1 that assigns service identifiers (SIDs) to CM (cable modems, column 15 
line 17-18). . Fijolek et al. '162 further discloses within MAC 44 SIDs are unique 
and the CMTS 12 may assign one or more SIDs to each CM 16, see col. 15 lines 
14-20); the means for associating the assigned ID with the first VPN to thereby cause 
the first node to be associated with the first VPN, wherein the assigned ID is associated 
by the entity other than the first node. Fijoleck et al. (6,577,642) discloses having a 
cable modem termination system 12 in fig. 1 that assigns service identifiers 
(SIDs) to CM (cable modems, column 15 line 17-18). 

However, Fijolek et al. means for mapping the assigned unique ID with at least 
on VPN, wherein the unique ID is assigned, sent and mapped by an entity other than 
the first node, ( Casey discloses having extended Internet protocol virtual private 
network architectures ( titles).., also assigning a VPN (ID) to a first router ( "first 
node") linking ("mapping") VPN. ..VPN assigned and linked second router ("entity 
other than first node", column 2 line 10-18); ( "first node") linking ("mapping") 
VPN. ..VPN assigned and linked second router ("entity other than first node", 
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column 2 line 10-18). 

Therefore it would have been obvious to one having ordinary skill in the art at the time 
of the invention was made to incorporate linking a VPN identifier to a first router as 
taught by Casey into the system of Fijolek et al. combined to provide a more scalable 
VPN infrastructure. 



12. Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Fijolek et al. (US Patent 6,577,642) and Casey (US Patent 6,493,349) as applied to 
claim 10 above, and further in view of Rosen et al. ("BGP/MPLS VPNs '1999). 

With regard to claim 11, in combination Fijoleck et al. and Casey teaches the 
apparatus recited in claim 10. However, Fijoleck et al. does not disclose means for 
including mapping a particular sub-interface of the Head End to the first VPN. (Rosen et 
al. discloses that one could divide the interface into multiple "sub-interfaces" and 
assign the packets to a VPN based on the on the sub-interface over which it 
arrives (page 7 paragraph 3.1 line 11-1 7).1t is inferred that this mechanism can be 
implemented in the head end of the data-over- cable-system and that the head 
end also can limited to a particular VPN. 
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Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to have a virtual networking administration in a data- 
over-cable-system as taught by Fijolek et al. assign the packets to a VPN based on the 
on the sub-interface over which it arrives as taught by Rosen et al. to provide a 
mechanism that will restrict packets access into VPNs that are not assigned to the 
packet. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DeWanda Samuel whose telephone number is (571) 
270-1213. The examiner can normally be reached on Monday- Thursday 8:30-5:30 
EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ricky Q. Ngo can be reached on (571) 272-3139. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
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have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/DeWanda Samuel/ 
Examiner, Art Unit 2416 
12/12/2008 
/Ricky Ngo/ 

Supervisory Patent Examiner, Art Unit 2416 



